Replicant

Does Replicant also encrypt the internal storage?

today I had some bad experience with an android phone not supported by Replicant (from the Xperia series): System encryption was enabled, but after too many attempts to enter the password the system rebooted and wiped all data. At least I thought so. It seems like the SD card was internally mounted as /storage/sdcard0 and was neither wiped, nor were its contents affected by the encryption. So after simply triggering a data wipe by entering the wrong password too often, any attacker could have accessed all contents from this partition (and camera apps store the taken images and videos there by default).

Replies (13)

I use internal storage encryption on Galaxy Nexus and the latest version of Replicant. I enabled it once installed Replicant and it works fine. I haven't tried to enter wrong password more than two or three times.

Thank you! It seems then like Replicant is behaving differently than CM in this respect. Have you additionally patched in this behavior? And could someone please post the output of "mount" from a device with encryption applied?

I did.After 10 wrong password entries you have to wait 30 seconds to enter a new password try. After that you could enter the next 10 times wrong passwords (without delay) and have to wait 30 seconds again. Nothing more happens, and in my eyes this behavior is not that bad.Why?The functionality of wiping the device is enabled on my business phone, for example. It seems to be a bad prank under colleagues, to type 4 times wrong passwords on devices of people, which are gone to the toilet for a minute. So I don't really miss this feature ;-)

As a workaround for your case, you could change the encryption password to a stronger one, (instead of just using the unlock PIN/password), for example over this app:

Indeed, encryption is applied to both the applications data (/data) and internal storage (/storage/sdcard0, /sdcard).

I wanted to proof that, but I can't, ad hoc.

"disk free" shows every mount point as a seperated one:I've tried the following inside the Terminal Emulator app (as root):touch /storage/sdcard0/teestfind / -name 'teest'I hoped I will see the 'teest'-file anywhere inside the /data structure, but that was not the case.

Pretty much because the keyword here is vold (=Volume Deamon http://vold.sourceforge.net/)and I have not fully understood the functionality of that, at the moment.

The only way to retrace the encryption of /storage/sdcard0 for me was, that I can't mount that mount point over CWM recovery, after encryption anymore.

Thank you for taking the time to investigate this. I observed the "x-times before wipe" on a stock rom, therefore I was just curious if Replicant has the same behavior or not. Regarding the encrypted storage: On many pre-Android 4.1 or 4.2 devices, the internal sdcard and userdata partitions are separated in flash (even if you upgrade such a device it will keep the old partition layout). Thus, encrypting such a device will normally lead to sdcard not being encrypted. The Nexus-S seems to be an exception here, though.

Imho, vold is pretty complicated and not well documented - the docs as published by Google do not really work for me. I played around with the init scripts and XMLs to force a different mounting behavior, but this turned out to be quite frustrating. If you want, boot to recovery, mount your sdcard directory and check what data is actually on the partitions.

Regarding security in general: I am aware of the freezer attack (works only on devices with open bootloader), but you certainly don't want to shut down your phone after a number of unsuccessful password entry attempts. If you run your phone encrypted, you better do not enter your encryption password if you find your device turned off and someone could have gained physical access to it. An attacker could have dumped your data and installed any sniffer to pick up and send your password the next time you power it on. But this is a general issue with untrusted boot chains, unlocked bootloaders und unprotected recoveries.

Cyanogenmod by default only encrypts the /data partition. Newer models emulate the sdcard storage and save the data to /data/media, so everything gets encrypted. However, being an older phone [i9100] there is still a separate sdcard-partition on the phone which is physically and directly mounted and which will not be touched by encryption.

The strange thing though, is that when I enable encryption I'm unable to mount sdcard0 in both CWMR and when in Android while waiting for password input. Could someone post the output of "mount" without encryption applied?